RFR: 8325448: Hybrid Public Key Encryption [v43]

Weijun Wang weijun at openjdk.org
Fri Sep 12 23:45:29 UTC 2025


On Fri, 12 Sep 2025 20:50:57 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 58 commits:
>> 
>>  - Merge branch 'master' into 8325448
>>  - about transformation
>>  - cannot reset with withMethods
>>  - algorithm identifier
>>  - withMethods
>>  - duplicated "value" words
>>  - receiver to recipient; different to specified
>>  - use different exception type
>>  - more spec change
>>  - address Sean's comments
>>  - ... and 48 more: https://git.openjdk.org/jdk/compare/7fcce270...1ec31cf5
>
> src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 317:
> 
>> 315:             throw new IllegalArgumentException("psk_id is empty");
>> 316:         }
>> 317:         if ("RAW".equalsIgnoreCase(psk.getFormat())) {
> 
> What happens if the format is not RAW? Is that allowed or should it be an IAE?
> If `psk` is a 16 byte AES secret key is that checked somewhere or at all relevant?

I just meant if it's not "RAW" (maybe `null`?) then I have no way to check its length. A 16 byte AES will be rejected if it has an encoding which is almost always of "RAW" format.

Or, did you confuse `getAlgorithm` and `getFormat`?

> src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 352:
> 
>> 350:      * authentication key value.
>> 351:      * <p>
>> 352:      * Note: this method does not check whether the KEM supports
> 
> "the KEM supports" sounds awkward to me. Do you mean non-DHKEM or the KEM provider implementation?

Section 5 of RFC 9180:

> Note that some KEMs may not support AuthEncap() or AuthDecap(). For such KEMs, only mode_base or mode_psk are supported. Future specifications which define new KEMs MUST indicate whether these modes are supported. See [Section 7.1.5](https://www.rfc-editor.org/rfc/rfc9180.html#future-kems) for more details.

I can change to "the KEM algorithm supports".

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345617709
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345620663
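
The `getFormat` versus `getAlgorithm` distinction discussed in the first comment above, as an added example that is not part of the original message or the JDK source. The class `PskFormatCheck`, its `check` helper and the `OpaqueKey` type are hypothetical, and the 32-byte minimum is an assumption taken from RFC 9180's requirement that a PSK have at least 32 bytes of entropy; the thread itself does not state the threshold.

```java
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

public class PskFormatCheck {
    // Assumed minimum PSK length (from RFC 9180), not quoted from the thread.
    static final int MIN_PSK_LEN = 32;

    // Hypothetical key whose material cannot be exported, e.g. token-backed.
    static final class OpaqueKey implements SecretKey {
        public String getAlgorithm() { return "Generic"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    // Length can only be verified when the encoding is the raw key bytes.
    static String check(SecretKey psk) {
        if (!"RAW".equalsIgnoreCase(psk.getFormat())) {
            return "length not checkable (format=" + psk.getFormat() + ")";
        }
        byte[] enc = psk.getEncoded();
        if (enc == null) {
            return "length not checkable (no encoding)";
        }
        try {
            return enc.length >= MIN_PSK_LEN
                    ? "accepted"
                    : "rejected: only " + enc.length + " bytes";
        } finally {
            Arrays.fill(enc, (byte) 0);   // wipe the copied key material
        }
    }

    public static void main(String[] args) {
        // Constructed sample keys (all-zero bytes, for illustration only).
        SecretKey[] samples = {
            new SecretKeySpec(new byte[16], "AES"),      // algorithm AES, format RAW
            new SecretKeySpec(new byte[32], "Generic"),  // format RAW, long enough
            new OpaqueKey()                              // format null
        };
        for (SecretKey k : samples) {
            System.out.println(k.getAlgorithm() + " / " + k.getFormat()
                    + " -> " + check(k));
        }
    }
}
```

The 16-byte AES key is rejected because its format is RAW and its encoding is too short, regardless of its algorithm name, while the key with a `null` format passes through without any length check.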

